CLAIMS 

What is claimed is: 

1. A method for performing blind decryption of a message M,
wherein said message is encrypted by a first node using an
encryption function to form an encrypted message, the method
comprising the steps of:

blinding said encrypted message with a blinding function z
to form a blinded and encrypted message, wherein z has an inverse
$z^{-1}$;

in a first communicating step, communicating said blinded
and encrypted message to a decryption agent;

decrypting said blinded and encrypted message by said
decryption agent using a decryption function to form a blinded
message, wherein said decryption function is the inverse of said
encryption function;

in a second communicating step, communicating said blinded
message to said first node; and

unblinding said blinded message using $z^{-1}$, to obtain said
message M.

2. The method of claim 1 wherein said first node and said 
decryption agent are communicably coupled via a network, and at 
least one of said first and second communicating steps comprises 
the step of communicating the respective message over said
network.



3. The method of claim 2 wherein said first and second 
communicating steps comprise communicating the respective 
messages over said network. 

4. The method of claim 1 wherein said first communicating step 
comprises the step of communicating said blinded and encrypted
message from said first node to said decryption agent via an
anonymizer node and said second communicating step comprises the
step of communicating said blinded message from said decryption
agent to said first node via said anonymizer node.

5. The method of claim 1 wherein said decryption function 
comprises an ephemeral decryption key. 

6. The method of claim 5 further including the step of
rendering said ephemeral decryption key unusable after a
predetermined time.

7. The method of claim 1 further including the step of 
generating said message M at said first node. 

8. The method of claim 1 wherein said encryption and 
decryption functions are, respectively, public and private keys 
of a public key pair. 

9. The method of claim 8 wherein said public and private keys
comprise an RSA public/private key pair of the form (e,n) and
(d,n), respectively.

10. The method of claim 9 wherein said blinding function, z, is
a blinding number R having an inverse $R^{-1}$ that satisfies
$R \cdot R^{-1} = 1 \bmod n$ and wherein said blinding step includes
the step of forming said blinded and encrypted message as the
product $(R^e \cdot M^e \bmod n)$ where $(M^e \bmod n)$ is said
message M encrypted using said public encryption key.

11. The method of claim 10 wherein the decryption step includes
raising the product $((R^e \cdot M^e) \bmod n)$ to the power d mod n,
forming $((R^e \cdot M^e) \bmod n)^d \bmod n$ to form said blinded
message $R \cdot M \bmod n$.

12. The method of claim 11 wherein the unblinding step includes
unblinding said blinded message $R \cdot M \bmod n$ using $R^{-1}$ to
obtain said message M.

13. The method of claim 10 further including the step of
generating an integer random number and utilizing said random
number as the blinding number R.
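
Added example, not part of the patent text: the RSA exchange of claims 9 to 13 with both parties' steps, using textbook RSA without padding. The key (two Mersenne primes, e = 65537), the function names and the sample message are constructed for illustration.

```python
import math
import secrets

# Constructed toy key for the decryption agent (assumption: textbook RSA,
# no padding). Both primes are Mersenne primes.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the agent only


def encrypt(m):
    """First node: M^e mod n under the agent's public key (e, n)."""
    return pow(m, E, N)


def pick_blinding_number():
    """Claim 13: random integer R, retried until R has an inverse mod n."""
    while True:
        r = secrets.randbelow(N - 2) + 2     # 2 <= R <= n-1
        if math.gcd(r, N) == 1:
            return r


def blind(c, r):
    """Claim 10: (R^e * M^e) mod n."""
    return (pow(r, E, N) * c) % N


def agent_decrypt(blinded_c):
    """Claim 11: the agent raises its input to d and obtains R*M mod n."""
    return pow(blinded_c, D, N)


def unblind(blinded_m, r):
    """Claim 12: multiply by R^-1 mod n to recover M."""
    return (blinded_m * pow(r, -1, N)) % N


def blind_decrypt(c):
    """Full exchange. Returns (M, value sent to agent, value agent returned)."""
    r = pick_blinding_number()
    sent = blind(c, r)
    returned = agent_decrypt(sent)
    return unblind(returned, r), sent, returned
```

The agent handles only `sent` and `returned`; neither equals the stored ciphertext or M, and a fresh R makes the two values differ on every request for the same ciphertext.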

14. The method of claim 1 further comprising the steps of:

obtaining a public key associated with said decryption
agent, wherein said public key is a Diffie-Hellman public key of
the form $g^x \bmod p$;

selecting a blinding number, y, having an inverse blinding
function $y^{-1}$ that satisfies $y \cdot y^{-1} = 1 \bmod (p-1)$;

raising said public key $g^x \bmod p$ to the power y to obtain
$g^{xy} \bmod p$;

raising g to the power y to form $g^y \bmod p$;

encrypting said message M using $g^{xy} \bmod p$ to form said
encrypted message of the form $\{M\}g^{xy} \bmod p$;

saving a copy of said encrypted message $\{M\}g^{xy} \bmod p$; and

saving a copy of $g^y \bmod p$ by said first node.

15. The method of claim 14 wherein said step of decrypting said
blinded and encrypted message by said first node includes:

selecting a blinding number, w, having an inverse blinding
number $w^{-1}$ that satisfies $w \cdot w^{-1} = 1 \bmod (p-1)$;

raising, by said first node, said public key $g^x \bmod p$ to the
power w to obtain g^ mod p;

ATTORNEY DOCKET NO. P7898 
WEINGARTEN, SCHURGIN, 
GAGNEBIN & LEBOVICI LLP 
TEL. (617) 542-2290 
FAX. (617) 451-0313 



forwarding mod p to said decryption agent;

receiving $g^{xyw} \bmod p$ from said decryption agent; and

raising $g^{xyw} \bmod p$ to said inverse blinding number, $w^{-1}$, to
form $g^{xy} \bmod p$; and

decrypting said encrypted message $\{M\}g^{xy} \bmod p$ using
$g^{xy} \bmod p$ to obtain said message M.

16. The method of claim 14 wherein said blinding number, y, is 
a randomly selected integer. 

17. The method of claim 15 wherein said blinding number, w, is 
a randomly selected integer. 

18. The method of claim 1 further comprising the steps of:

selecting a blinding number y having an inverse blinding
number $y^{-1}$;

blinding said message M using said blinding number y to
form a first blinded message;

forwarding said first blinded message to an encryption
agent;

encrypting, by said encryption agent, said first blinded
message to form a first blinded and encrypted message wherein
said encryption is performed using said encryption function and
wherein said encryption function and said corresponding
decryption function are secret encryption and decryption keys,
respectively;

forwarding said first blinded and encrypted message from
said encryption agent to said first node; and

unblinding said first blinded and encrypted message using
said inverse blinding number $y^{-1}$ to form said encrypted message.

19. The method of claim 18 wherein step of blinding said
message using said blinding number y to form said first blinded
message includes the step of raising said message M to the power
y mod p.

20. The method of claim 19 wherein said secret encryption key
is a value x and wherein said secret decryption key is $x^{-1}$ and
wherein said step of encrypting said blinded message includes the
step of raising said first blinded message $M^y \bmod p$ to the power
x mod p to form said first blinded and encrypted message

21. The method of claim 20 wherein said step of unblinding said
first blinded and encrypted message includes the step of raising
said first blinded and encrypted message $M^{xy} \bmod p$ to the power
$y^{-1}$ mod p, to obtain said encrypted message $M^x \bmod p$.

22. The method of claim 21 wherein said step of decrypting said
first blinded message by said decryption agent includes the step
of raising said first blinded message to said secret decryption
key $x^{-1}$ to form a second blinded message $M^z \bmod p$.
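
Added example, not part of the patent text: the secret-exponent scheme of claims 18 to 22, with blind encryption followed by blind decryption. Assumptions: exponent inverses are taken mod p-1, the decryption request is blinded by raising $M^x$ to a fresh exponent z, and the prime, function names and message are constructed.

```python
import math
import secrets

# Constructed toy parameter: p = 2^127 - 1 is prime, but p-1 is smooth,
# so this modulus is for illustration only.
P = 2**127 - 1
ORDER = P - 1                  # exponents are inverted mod p-1


def random_unit():
    """Random exponent that has an inverse mod p-1."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k


X = random_unit()              # agent's secret encryption key x
X_INV = pow(X, -1, ORDER)      # agent's secret decryption key x^-1
AGENT_SEEN = []                # every value the agent is handed


def agent_encrypt(v):
    AGENT_SEEN.append(v)
    return pow(v, X, P)


def agent_decrypt(v):
    AGENT_SEEN.append(v)
    return pow(v, X_INV, P)


def blind_encrypt(m):
    """Claims 18-21: returns M^x mod p without showing M to the agent."""
    y = random_unit()
    first_blinded = pow(m, y, P)                    # M^y mod p
    blinded_enc = agent_encrypt(first_blinded)      # M^(xy) mod p
    return pow(blinded_enc, pow(y, -1, ORDER), P)   # M^x mod p


def blind_decrypt(c):
    """Claims 1 and 22: blind M^x with z, agent applies x^-1, unblind."""
    z = random_unit()
    second_blinded = agent_decrypt(pow(c, z, P))    # M^z mod p
    return pow(second_blinded, pow(z, -1, ORDER), P)
```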

23. A system for performing blind decryption of a message M 
comprising: 

a first node and a decryption agent communicably coupled 
via a communications network; 

said first node operative to: 

encrypt said message using an encryption function to 
form an encrypted message; 

blind said encrypted message with a blinding function
z to form a blinded and encrypted message, wherein z has an
inverse $z^{-1}$;

communicate said blinded and encrypted message to a
decryption agent;

decrypt said blinded and encrypted message by said
decryption agent using a decryption function to form a
blinded message, wherein said decryption function is the
inverse of said encryption function;

communicate said blinded message to said first node;
and

unblind said blinded message using $z^{-1}$, to obtain said
message M.

24. A system for performing blind decryption of a message M
comprising:

a first node and a decryption agent communicably coupled
via a communications network;

means in said first node for:

blinding said encrypted message with a blinding
function z to form a blinded and encrypted message, wherein
z has an inverse $z^{-1}$;

communicating said blinded and encrypted message to a
decryption agent;

decrypting said blinded and encrypted message by said
decryption agent using a decryption function to form a
blinded message, wherein said decryption function is the
inverse of said encryption function;

communicating said blinded message to said first node;
and

unblinding said blinded message using $z^{-1}$, to obtain
said message M.





25. A computer program product including a computer readable
medium, said computer readable medium having a computer program
stored thereon for use in blinded ephemeral decryption, said
computer program being executable on processors in a first node
and a decryption agent respectively, said computer program
product comprising:

program code for execution on said processor in said first
node for blinding said encrypted message with a blinding function
z to form a blinded and encrypted message, wherein z has an
inverse $z^{-1}$ and for communicating said blinded and encrypted
message to a decryption agent;

program code for execution on said processor in said
decryption agent for decrypting said blinded and encrypted
message by said decryption agent using a decryption function to
form a blinded message, wherein said decryption function is the
inverse of said encryption function and for communicating said
blinded message to said first node; and

program code for execution on said processor in said first
node for unblinding said blinded message using $z^{-1}$, to obtain
said message M.






